Brendan Patterson of WatchGuard Technologies discusses how senior IT leaders can protect the organization from ransomware attacks through an easily deployed, layered approach to security.
Hackers look at midsize enterprises much the way a child looks at a piece of candy: the object of their affection.
Ransomware is a moving target, but no matter how much cybersecurity evolves with it, ransomware still inflicts major damage on its victims. How much?
- Ransomware cost $209 million in the first quarter of 2016, according to the FBI
- Ransomware is the top malware in crimeware incidents, according to the Verizon Data Breach report
- Two in five spam attachments include ransomware, according to IBM
- A crypto-ransomware attack on an SMB costs $99,000, according to Kaspersky
WannaCry and Petya made headlines around the world, and there’s a reason: ransomware spared victims no mercy.
How can you keep it from happening to you?
Midsized businesses targets of ransomware
Brendan Patterson, director of product management with WatchGuard Technologies, shared the aforementioned statistics with attendees at this year’s Midsize Enterprise Summit Fall 2017 conference in San Antonio.
“Ransomware disproportionately attacks midsized businesses,” Patterson said. “Ransomware attacks are costly. (Yet), ransomware is predictable and, therefore, can be prevented.”
Five of six WatchGuard partners (83 percent) believe ransomware will be their customers’ number-one threat this year.
And to illustrate that first bullet point above about the cost of ransomware attacks, Patterson said the number of ransomware attacks quadrupled last year, with an average of 4,000 attacks per day. That $209 million cost of ransomware represents a 771 percent increase over the reported $24 million for all of 2015. “The FBI estimates ransomware is on pace to be a $1 billion source of income for cybercriminals this year.”
Legacy antivirus continued to miss new malware at a higher rate. Indeed, antivirus solutions missed 38 percent of the total threats WatchGuard caught in the first quarter of 2017.
“Signature-based detection is needed, but it must be augmented with services that detect and deter advanced persistent threats. Ransomware is made to look different each time so signature-based antivirus solutions are no longer enough.
“These people who publish ransomware are good businessmen.”
As we mentioned earlier, ransomware is evolving. Let’s take a look at how Patterson sees this trend changing.
Ransomware-as-a-service has emerged. “Ransomware comes in a box now.”
There’s a new form of customer service. “Ransomware attackers are using 1-800 numbers to help people purchase Bitcoin.”
Beware of price fluctuations. “The price increases after 72 hours. Most ransomware notes have a countdown clock. Pay up. After 72 hours, the ransom doubles.”
Inch by inch, ransomworms crawl. “Petya and WannaCry were ransomworms. They leverage technology. They don’t just impact and hit the system that initially downloads it. It spreads like wildfire through the network if not protected.”
An unnatural wonder. “Ransomware attackers are utilizing a pyramid marketing structure. You can get out of paying ransom by sending the infection and infecting two of your friends.”
The best defense against ransomware
The natural question at this point is, how do you defend against ransomware? Glad you asked.
“Before you use any technology, educate your users to spot emails that look like a phishing attack.”
Patterson recommended a three-pronged approach of prevention, recovery and education.
Prevention. “You should take steps to prevent the initial infection by using a multi-layer security approach. Network-based antivirus scanning and advanced persistent threat protection, along with host-based endpoint protection, remain a must.”
Recovery. “You should also regularly create and test offline backups to recover from a ransomware infection. It is important that your backups be offline to protect against ransomware that locates and encrypts networked file shares.”
Education. “Finally, you should educate your employees on how to spot phishing attempts, which continue to be the most common attack vector for ransomware.”
“If all of these steps fail, though, you may still have hope with a decryption utility.”
Patterson was very clear in his thoughts about ransomware defense solutions.
“Don’t believe any solution that tells you they can protect you 100 percent from all threats. They will get through. Make sure your solution has a backup and recovery plan.”
He continued. “Education is important, not just educating your users, but as IT professionals, you need to know the latest threats that are out there. You really need to evaluate what’s going on in your network.”